/*
 Copyright (c) 2024 Broin All rights reserved.
 Use of this source code is governed by a BSD-style
 license that can be found in the LICENSE file.
 */

#ifndef AUDIT__H
#define AUDIT__H

/**
 * @description: 为事件分配内存空间
 * @param {u32} policy_id :策略文件id
 * @param {audit_type_t} type : 文件类型
 * @return {struct audit_event*} 事件
 */
static __always_inline struct audit_event *alloc_audit_event(u32 policy_id, audit_type_t type)
{
    struct audit_event *e = bpf_ringbuf_reserve(&event_audit, sizeof(struct audit_event), 0);
    if (!e)
    {
        bpf_printk("[ERROR]: Failed to alloc audit event!");
        return NULL;
    }

    // 填写事件信息
    e->pid = bpf_get_current_pid_tgid() >> 32;
    e->tgid = bpf_get_current_pid_tgid();
    e->policy_id = policy_id;
    e->type = type;
    bpf_get_current_comm(e->comm, sizeof(e->comm));

    return e;
}

/**
 * @description: 发送事件
 * @return {*}
 */
#define submit_audit_event(event) bpf_ringbuf_submit(event, 0);

#endif // !AUDIT__H